Mandatory setting to ignore core_updates

Description

In Debian bugreport[1] a rough workarround is suggested based on an Ubuntu patch, but attached patch should give distributions the option to disable the core_update code. Distributions can use the following statement in a central wp-config.php to disable the feature:

Change History (9)

My only objection is: Distributions like Debian & others shouldnt be allowed to disable the update notification, It gives a false sense of security that there are no updates available, whereas, In reality, A Update has been released (It just doesnt match with the packagers idea of needed update). Quite often the update is required for security-related reasons.

My preference would be for packagers to include a simple plugin by default which allows for it to only notify of packager-released updates.

I see too many outdated installs of WordPress due to relying on the packager, eg. running an ourdated version of a distro, and then using its outdated version of WP.

All the big distributions backport security patches and if this is something that doesn't match your view, then sorry but it's reality. The reason behind this patch is the same as the one behind the Debian packages. Get Wordpress in one place centrale so it is easy to patch, maintain and control.

This patch is a port of my production tree for blog hosting to stop people making support calls about the warning that a new version is available. Since it matches the bug of Debian, I submitted this patch as a solution to disable the feature for distributions without disturbing the normal working of WordPress.

If you want to create a plugin to solve this issue with package management, then please do so. But I doubt the use of it. I'm not going to use it when it allows people to turn it on/off.

You just explained the reason why it takes forever to get an updated distro package for Debian. So instead of testing like the latest PHP to see if it is stable and getting those new features out, Debian would rather spend all their time back porting security and bug fixes.

This is all well and good, but it is isn't perfect. You may argue stability trumps little things like new features and enhancements, but that is why Debian has a reputation of being extremely stable and worthless.

I read the Beta vs VHS and I don't think Debian has learned anything from that war. People could care less about quality, they just want features that sort of work. Now, while the users of servers are more technical minded with security, stability, and important concepts of up-time of like 100%.

The problem is that, while I do want my server to not FUBAR when I update a package, I do not expect upgrading a PHP package to have the same risk. Testing a PHP package is not as difficult as checking dependencies of various compiled libraries and making sure that everything checks out. That process is a lot more dedicated and rigorous than testing a PHP package. I just need to download WordPress, my plugins, and themes on my local system and if it doesn't break, then I'm ready to go.

What I do agree with, is that there will be certain environments where I don't want the administrator to upgrade using the built-in component.